How to Use `rsync` for Remote Backups on Debian 12 Bookworm

Learn how to use rsync for efficient remote backups on Debian 12 Bookworm. This guide covers installation, configuration, and practical examples.

by İbrahim Korucuoğlu ( @siberoloji) | Sunday, April 06, 2025

Categories:

Linux

5 minute read

Data loss is one of the most critical issues a system administrator or developer can face. Whether you’re managing a single personal server or a large-scale production environment, setting up reliable backup strategies is essential. One of the most flexible and widely-used tools for performing backups, especially remote backups, is rsync.

This article will walk you through using rsync to perform remote backups on a Debian 12 “Bookworm” system. We’ll cover everything from installation and configuration to real-world examples and best practices.

What is `rsync`?

rsync stands for remote synchronization. It is a command-line utility that allows you to efficiently copy and synchronize files between local and remote systems. Unlike basic copy commands, rsync transfers only the differences between source and destination files, making it fast and bandwidth-efficient.

Key Features:

Differential file transfer
Preserves file permissions, timestamps, symbolic links, etc.
Supports SSH for secure transfers
Resume capability for interrupted transfers
Can exclude files or directories using patterns

Installing `rsync` on Debian 12

By default, rsync is available in Debian’s official repositories. To install it, simply run:

sudo apt update
sudo apt install rsync

To verify the installation:

rsync --version

You should see the installed version details, confirming that rsync is ready to use.

Basic `rsync` Syntax

Before diving into remote backups, let’s take a look at the basic rsync command structure:

rsync [options] source destination

When working with remote systems, either the source or the destination will be in the format:

user@remote_host:/path/to/directory/

Setting Up SSH Access for Remote Backups

Since rsync commonly uses SSH to connect to remote systems securely, you need to ensure:

The remote system is running an SSH server (openssh-server).
You have SSH access with proper authentication (password or key-based).

Step 1: Install OpenSSH on the remote system

sudo apt update
sudo apt install openssh-server

Step 2: Create SSH Keys (if not already created)

On the local system:

ssh-keygen -t rsa -b 4096

Press Enter through the prompts to use default settings. Then, copy the public key to the remote system:

ssh-copy-id user@remote_host

This allows password-less login using the SSH key, which is ideal for automated backups.

Performing a Simple Remote Backup

Let’s say you want to back up the /home/user/documents/ directory from your local Debian 12 system to a remote server.

rsync -avz /home/user/documents/ user@remote_host:/backup/documents/

Explanation of options:

-a: Archive mode (preserves permissions, symlinks, etc.)
-v: Verbose (shows progress)
-z: Compress data during transfer (saves bandwidth)

This command will synchronize the local documents folder with the /backup/documents/ directory on the remote server.

Backing Up Remote Data to the Local Machine

If you want to back up a remote server’s data to your local machine:

rsync -avz user@remote_host:/etc/nginx/ /home/user/remote_nginx_backup/

This pulls configuration files from the remote server and stores them locally.

Automating Backups with Cron

To ensure regular backups, you can automate rsync using cron jobs.

Step 1: Open crontab for editing

crontab -e

Step 2: Add a cron job

For example, to run a backup every day at 2:00 AM:

0 2 * * * rsync -az /home/user/documents/ user@remote_host:/backup/documents/ >> /var/log/rsync-backup.log 2>&1

This logs the output to /var/log/rsync-backup.log.

Using `rsync` with Exclusion Patterns

You can tell rsync to skip certain files or directories.

rsync -avz --exclude '*.tmp' --exclude 'cache/' /home/user/ user@remote_host:/backup/user/

This excludes files ending in .tmp and any directory named cache.

You can also use an external exclude file:

exclude.txt content:

*.tmp
.cache/
.DS_Store

Then run:

rsync -avz --exclude-from='exclude.txt' /home/user/ user@remote_host:/backup/user/

Dry Run Mode: Test Before Running

To see what rsync would do without making changes:

rsync -avzn /home/user/ user@remote_host:/backup/user/

-n: Dry run. Use this to validate the command before actual execution.

Protecting Against Accidental Deletion

By default, rsync may delete files in the destination that no longer exist in the source if the --delete option is used.

Use this carefully:

rsync -avz --delete /home/user/ user@remote_host:/backup/user/

This keeps the destination as a mirror of the source. If you want to avoid accidental deletions, omit --delete or use the --backup option:

rsync -avz --delete --backup --backup-dir=/backup/deleted_files/ /home/user/ user@remote_host:/backup/user/

This moves deleted files to a separate backup folder instead of removing them.

Ensuring Data Integrity with Checksums

To verify file integrity, use the --checksum option. This causes rsync to compare files based on their checksum rather than modification time and size:

rsync -avz --checksum /home/user/ user@remote_host:/backup/user/

Note: This can be slow for large datasets, as it requires calculating checksums for all files.

Securing `rsync` Transfers

Even though SSH is secure, here are a few additional tips:

Use a non-root user for backup tasks.
Restrict SSH access to trusted IPs using firewall rules.
Use fail2ban to prevent brute-force SSH attacks.
Consider rsync daemon mode with proper configuration and authentication, if SSH is not an option.

Troubleshooting Common `rsync` Issues

1. SSH Permission Denied

Check:

Correct username
SSH key exists and is in the remote ~/.ssh/authorized_keys
File permissions on .ssh are correct (700 for the folder, 600 for the keys)

2. “rsync: command not found” on remote

Ensure rsync is installed on the remote system as well:

ssh user@remote_host "sudo apt install rsync"

3. Partial Transfers

Add the --partial option to resume interrupted transfers:

rsync -avz --partial /home/user/ user@remote_host:/backup/user/

Real-World Example: Website Backup

Let’s back up a web server directory and its configuration from a remote server to a local Debian 12 system.

rsync -avz user@webserver:/var/www/html/ /home/user/web_backups/html/
rsync -avz user@webserver:/etc/nginx/ /home/user/web_backups/nginx_config/

Combine it into a shell script for automation:

#!/bin/bash
DATE=$(date +%Y-%m-%d)
BACKUP_DIR="/home/user/web_backups/$DATE"

mkdir -p "$BACKUP_DIR/html"
mkdir -p "$BACKUP_DIR/nginx_config"

rsync -avz user@webserver:/var/www/html/ "$BACKUP_DIR/html/"
rsync -avz user@webserver:/etc/nginx/ "$BACKUP_DIR/nginx_config/"

Then automate this script with cron.

Conclusion

rsync is an incredibly powerful tool for setting up efficient, secure, and flexible remote backups on Debian 12 Bookworm systems. Whether you’re backing up personal data, server configurations, or large datasets, rsync provides a solid foundation for a robust backup strategy.

By using SSH for encrypted transfers, leveraging automation with cron, and applying features like exclusion patterns and integrity checks, you can build a dependable backup system tailored to your environment.

Always remember: backups are only as good as your last restore test. So periodically test your backup strategy and adjust as needed.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

< How to Use `tar` to Back Up Files on Debian 12 Bookworm How to Create Full System Backups >